CVE-2001-1234

Published: Oct 2, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

Affected (3)

Products: Gallery Project: Gallery

Gallery Project

1 product

Gallery

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gallery Project Gallery	Version 1.1
Gallery Project Gallery	Version 1.2.1
Gallery Project Gallery	Version 1.2

References (10)

http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

Source: cve@mitre.org

http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz

Source: cve@mitre.org

http://www.iss.net/security_center/static/7215.php

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/1967

Source: cve@mitre.org

http://www.securityfocus.com/bid/3397

Source: cve@mitre.org

ExploitVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html